Civil Society Common Statement: United Against Spyware Abuse in the EU and Beyond

Spyware isn’t just a privacy issue — it’s a threat to the very foundations of our democratic values. By undermining independent decision-making, restricting public debate, and silencing journalists and activists, spyware erodes the pillars of a healthy civic space.

As new European Union institutions prepare to take office following the EU elections, the growing threat of spyware has become a pressing global concern that demands immediate attention.

On Tuesday 3/9, Homo Digitalis joined Center for Democracy and Technology Europe (CDT Europe), alongside 30 civil society and journalists' organisations in publishing a joint statement urging the incoming EU institutions to prioritise action against the misuse of spyware in the new legislative term.

Some of our coalition’s key recommendations include:

  • A ban on the production, sale, and use of spyware that disproportionately harms fundamental rights.
  • Stronger export controls to prevent the misuse of these technologies beyond the EU.
  • Transparency and accountability in government contracts involving spyware.

As Silvia Lorenzo Perez, Director of CDT Europe’s Security, Surveillance & Human Rights Programme, puts it: "The incoming EU institutions have the opportunity to correct the failures of the last legislature by taking concrete and decisive action against the abuse of spyware surveillance."

The new EU institutions must seize this moment to restore public trust, protect our fundamental rights, and uphold the values that define the Union.

You can read the EN version of the letter here, and the EL version of the letter here.

Homo Digitalis has also addressed related concerns, before the Council of Europe’s Commissioner for Human Rights in a recent Open Letter submitted in August. You can read more about this here.


Homo Digitalis Submits Urgent Letter to the Council of Europe’s Commissioner for Human Rights

Homo Digitalis submitted today a letter to the Council of Europe’s Commissioner for Human Rights.

We this letter, the Greek CSO aims to draw the Commissioner’s attention to the following three issues:
A. The imminent adoption of a Presidential Decree in Greece permitting state authorities to procure spyware.
B. The deteriorating condition of independent supervisory authorities in Greece, plagued by power struggles, understaffing, and financial constraints.
C. The latest developments in the ongoing PREDATOR scandal in Greece, which leaves critical questions unanswered regarding the surveillance of journalists, politicians, and lawyers through illegal means.

Moreover, with this letter Homo Digitalis urges the Commissioner:

  • To give full and close attention to the situation in Greece,
  • To take into account the facts presented above and urgently request further information and clarifications from Greek authorities,
  • To examine the situation in Greece and take necessary steps to identify any shortcomings in the law and practices concerning human rights abuses, and
  • To assist in strengthening the activities of national supervisory institutions and other human rights structures in Greece.

You can read the letter (EN) here.


Homo Digitalis is immediately informed by the Hellenic DPA & the Hellenic Authority for Communication Security and Privacy for their intervention re the Draft Presidential Decree on Spyware

On Tuesday July 30th  η Homo Digitalis filed a request before the President of the Hellenic Data Protection Authority (HDPA), Mr.Menoudakos (no.6277/30-07-2024), and the President of the Hellenic Authority for Communication Security and Privacy (ADAE), Mr. Rammou (no. 2755/30-07-2024), in order for the two Independent Authorities to exercise their advisory powers and issue a joint Opinion regarding the Draft Presidential Decree of Articles 13 & 47 of Law 5002 /2022 on the procurement of contracts on behalf of governmental structures for the supply of spyware or surveillance devices.

In response to our request, the response of the HDPA and ADAE has been lightning fast. Specifically, the Directorate of Supervisory Work of the HDPA informed us on the same day, 30 July 2024, that the HDPA has requested the draft presidential decree from the Ministry of Citizen Protection from 19 July 2024 in order to give its opinion on the matter, while the President of ADAE, Mr. Rammos, in a letter addressed to Homo Digitalis on August 1, 2024, informed us that ADAE, as it always does, within the framework of its constitutional and statutory competence, it goes without saying that it will exercise its advisory competence (provided for by Article 6 paragraph 1 point i of Law 3115 /2003) and on the specific draft presidential decree in the context of an institutional dialogue with all the state bodies involved in its adoption.

We await with interest the relevant developments in the near future, since, as Homo Digitalis has pointed out in its letter to the two independent authorities, the provisions of the draft presidential decree may cause irreparable risks for democracy, the rule of law and the protection of fundamental rights and freedoms in Greece.


We requested from the Hellenic DPA and the Hellenic Authority for Communication Security and Privacy to issue an Opinion on the Draft Presidential Decree for the procurement of spyware by Greek authorities

Today, 30.7.2024, Homo Digitalis filed a request before the President of the Hellenic Data Protection Authority (HDPA), Mr.Menoudakos (no.6277/30-07-2024), and the President of the Hellenic Authority for Communication Security and Privacy (ADAE), Mr. Rammou (no. 2755/30-07-2024), in order for the two Independent Authorities to exercise their advisory powers and issue a joint Opinion regarding the Draft Presidential Decree of Articles 13 & 47 of Law 5002 /2022 on the procurement of contracts on behalf of governmental structures for the supply of spyware or surveillance devices.

The lack of transparency and openness regarding the whole process of drafting the text of the draft Presidential Decree, as well as the absence of an informed dialogue with the independent authorities of the country and with the advisory bodies of the state , combined with its late preparation, which contradicts the explicit provision of the legislator in Articles 13 and 47 of Law 5002 /2022, create additional concerns in the public sphere, as well as in certain professional circles, such as politicians, journalists, and lawyers, whose preservation of the confidentiality of communications is vital for democracy.

Homo Digitalis considers that, in the absence of immediate intervention by the two supervisory authorities, there is a serious risk that the provisions of the Draft Presidential Decree may not meet the requirements set out in Union law and the case law of the CJEU, may contravene the values enshrined in Article 2 TEU and the Fundamental Rights enshrined in the Charter and, in particular Articles 7, 8, 11, 11, 17, 21 and 47 thereof, fail to comply with the requirements laid down in Council of Europe law, in particular the values enshrined in the ECHR and Convention 108 and the case-law of the ECtHR, and infringe Articles 9A, 14 and 19 of the Greek Constitution.

Furthermore, Homo Digitalis considers that there is a serious possibility that the provisions of the said Draft Presidential Decree will create a lower level of protection in Greece than in other EU Member States, thus hindering the exchange of data and information between Greece and other Member States and leading to the impossibility of fighting serious crime and terrorism at a cross-border level whenever the use of spyware by the Greek authorities has taken place.

You can read our request in detail here.